2.0.0

Update for Windows 10 22H2, Windows 11 22H2

Source/WinObjEx64/extras/extrasCallbacks.c

@@ -6,7 +6,7 @@
 *
 *  VERSION:     2.00
 *
-*  DATE:        19 Jun 2022
+*  DATE:        25 Oct 2022
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -37,7 +37,7 @@ static FAST_EVENT SysCbInitializedEvent = FAST_EVENT_INIT;
 #define CBT_SIZE_FE_V1        0xF8
 #define CBT_SIZE_CO_V1        0x100
 #define CBT_SIZE_NI_V1        0xF8
-#define CBT_SIZE_CU_V1        0xF8
+#define CBT_SIZE_CU_V1        0x100
 
 typedef struct _CBT_MAPPING {
     ULONG Build;
@@ -61,6 +61,7 @@ CBT_MAPPING g_CbtMapping[] = {
 
     { NT_WIN10_21H2, NTDDI_WIN10_VB, CBT_SIZE_VB_V1 },
     { NT_WIN10_21H2, NTDDI_WIN10_VB, CBT_SIZE_VB_V2 },
+    { NT_WIN10_22H2, NTDDI_WIN10_VB, CBT_SIZE_VB_V2 },
 
     { NT_WINSRV_21H1, NTDDI_WIN10_FE, CBT_SIZE_FE_V1 },
 
@@ -345,7 +346,8 @@ static const WCHAR *CiCallbackNames[] = {
     L"CiDeleteCodeIntegrityOriginClaimForFileObject",//29
     L"CiHvciReportMmIncompatibility",//30
     L"CiCompareExistingSePool",//31
-    L"CiSetCachedOriginClaim"//32
+    L"CiSetCachedOriginClaim",//32,
+    L"CipIsDeveloperModeEnabled"//33
 };
 
 typedef enum _CiNameIds {
@@ -381,7 +383,8 @@ typedef enum _CiNameIds {
     Id_CiDeleteCodeIntegrityOriginClaimForFileObject,
     Id_CiHvciReportMmIncompatibility,
     Id_CiCompareExistingSePool,
-    Id_CiSetCachedOriginClaim
+    Id_CiSetCachedOriginClaim,
+    Id_CipIsDeveloperModeEnabled
 } CiNameIds;
 
 //
@@ -565,7 +568,7 @@ static const BYTE CiCallbackIndexes_Win10RS4_21H2[] = {
 };
 
 //
-// Windows 10 21H2 updated
+// Windows 10 21H2 updated / 22H2
 //
 static const BYTE CiCallbackIndexes_Win1021H2_V2[] = {
     Id_CiSetFileCache,
@@ -635,7 +638,7 @@ static const BYTE CiCallbacksIndexes_WinSrv21H2[] = {
 //
 // Windows 11 21H2
 //
-static const BYTE CiCallbackIndexes_Win11[] = {
+static const BYTE CiCallbackIndexes_Win11_21H1[] = {
     Id_CiSetFileCache,
     Id_CiGetFileCache,
     Id_CiQueryInformation,
@@ -669,9 +672,9 @@ static const BYTE CiCallbackIndexes_Win11[] = {
 };
 
 //
-// Windows 11 Next
+// Windows 11 22H2
 //
-static const BYTE CiCallbackIndexes_Win11_Next[] = {
+static const BYTE CiCallbackIndexes_Win11_22H2[] = {
     Id_CiSetFileCache,
     Id_CiGetFileCache,
     Id_CiQueryInformation,
@@ -700,7 +703,8 @@ static const BYTE CiCallbackIndexes_Win11_Next[] = {
     Id_CiDeleteCodeIntegrityOriginClaimForFileObject,
     Id_CiHvciReportMmIncompatibility,
     Id_CiCompareExistingSePool,
-    Id_CiSetCachedOriginClaim
+    Id_CiSetCachedOriginClaim,
+    Id_CipIsDeveloperModeEnabled
 };
 
 /*
@@ -769,6 +773,7 @@ LPWSTR GetCiRoutineNameFromIndex(
     case NT_WIN10_20H2:
     case NT_WIN10_21H1:
     case NT_WIN10_21H2:
+    case NT_WIN10_22H2:
         
         switch (CiCallbacksSize) {
         case CBT_SIZE_VB_V2:
@@ -790,15 +795,15 @@ LPWSTR GetCiRoutineNameFromIndex(
         break;
 
     case NT_WIN11_21H2:
-        Indexes = CiCallbackIndexes_Win11;
-        ArrayCount = RTL_NUMBER_OF(CiCallbackIndexes_Win11);
+        Indexes = CiCallbackIndexes_Win11_21H1;
+        ArrayCount = RTL_NUMBER_OF(CiCallbackIndexes_Win11_21H1);
         break;
 
     case NT_WIN11_22H2:
     case NTX_WIN11_ADB:
     default:
-        Indexes = CiCallbackIndexes_Win11_Next;
-        ArrayCount = RTL_NUMBER_OF(CiCallbackIndexes_Win11_Next);
+        Indexes = CiCallbackIndexes_Win11_22H2;
+        ArrayCount = RTL_NUMBER_OF(CiCallbackIndexes_Win11_22H2);
         break;
     }
 

Source/WinObjEx64/kldbg.c

@@ -6,7 +6,7 @@
 *
 *  VERSION:     2.00
 *
-*  DATE:        07 Aug 2022
+*  DATE:        25 Oct 2022
 *
 *  MINIMUM SUPPORTED OS WINDOWS 7
 *
@@ -750,6 +750,7 @@ PVOID ObDumpSymbolicLinkObjectVersionAware(
     case NT_WIN10_20H2:
     case NT_WIN10_21H1:
     case NT_WIN10_21H2:
+    case NT_WIN10_22H2:
         objectSize = sizeof(OBJECT_SYMBOLIC_LINK_V4);
         objectVersion = OBVERSION_OBJECT_SYMBOLIC_LINK_V4;
         break;

WinObjEx64.sha256

@@ -5,7 +5,7 @@ fa001b1ac9bbbb6c954d5dd609de60fa2b0277a6cfe35f6428591e4b4b1e8453 *Compiled\WHATS
 d3c54e144f4ea198d761a0c89764d6cd39da19c0aa51661a9f37135e4f842a85 *Compiled\WHATSNEW_190.md
 c4205a94f6ed7ff8e26b318712acaab2d2d849fa97e7d92325d25cae49200c01 *Compiled\WHATSNEW_200.md
 7ef06d4d530d6ce398133a9d7e0036941215da1d065b175e79e75cbc9dfe9d32 *Compiled\WinObjEx64.chm
-b74ff9a630cdf395e6d6cc642a9c2876b57d4b0edd28b3a93ab5849f45e42866 *Compiled\WinObjEx64.exe
+937708a25ca16350062d6d45b7d2bf0faa726f4ed916f9b8d6fd72674a5abf16 *Compiled\WinObjEx64.exe
 b7d674453e9734472f85bd4ca3c53651e0702f32b5a801fce014a74b4d255bae *Compiled\plugins\ApiSetView.dll
 24a64aa290d1c21deae5029db957df728041006ef69087ad947eee8d4482881c *Compiled\plugins\ExamplePlugin.dll
 50b4c0ad3b58ac10fb0e2d386ce92287f9e30e0580d9f5b4b99a191f08d5b8ef *Compiled\plugins\ImageScope.dll
@@ -158,7 +158,7 @@ c251e49c1fa3f1f69bf0a6e767b53e626fc0fb426dfd067d66f5ad63e44d2a9c *Source\WinObjE
 8e9026da800c7d2dfd4dc6dbb4cfe09833592dc147586152f2c8950376059c73 *Source\WinObjEx64\global.h
 657ad230646b3dda6bc6d9f8af105ccef1dcc8e60757508637187c56ddf61ff2 *Source\WinObjEx64\hash.c
 91877ba05d36d1001e5b6a106bc3b48dbfeab5170080691051a81245fb2d7200 *Source\WinObjEx64\hash.h
-735831aeb48076b36efb8c8ec776dc5c4b2e9deea2ba5427ecf307c9c76334b0 *Source\WinObjEx64\kldbg.c
+fc84586d494484a020454def523f1a7a9c0614e3a743d4fab9de9c9339fee873 *Source\WinObjEx64\kldbg.c
 f418ff1909ff42fd1885ad0872e8a33cc9596163f0b4309251fd98355ce3280f *Source\WinObjEx64\kldbg.h
 c68b84390c641bafc2427db96e5dc5926d37035c9b8928e690d228cc3c856d4e *Source\WinObjEx64\kldbg_patterns.h
 64f058bae2d97ffd4c66b74b7dac13f7f9e086a81aef02b9f4e0b951735cd72d *Source\WinObjEx64\ksymbols.h
@@ -171,7 +171,7 @@ eec6b4e520a13a07729e7d0b51e123c526177cd80e8d92e59c21aa664e965901 *Source\WinObjE
 ccead70265b4cd11f49b0694ee53341d40a9f72d35fe316497938a8e3d1b7b79 *Source\WinObjEx64\plugmngr.c
 8dc17c3c9504041c303a496bbc0a1f8a0cc49a74b7204b9ef199bf0663d4eca1 *Source\WinObjEx64\plugmngr.h
 41907bc22c614ab86730ef5dc2c0202aab9585220f0a54da369f722c08133832 *Source\WinObjEx64\resource.h
-0f0daa79af4a5c76b077bac42dedd432906c9e21bf6aa525941f6a36cd2923b3 *Source\WinObjEx64\Resource.rc
+0efbb0f867a402615dabdc6c2c026dc7642cc42a9f232357142d4d6072a7920a *Source\WinObjEx64\Resource.rc
 161f371f8d53b2a2d84d953d2fee521c946d261d837f9411e69a5e739d9b7a98 *Source\WinObjEx64\sdviewDlg.c
 5cba0e33a6ae9fac2d099dce0e14efa38997208c80fe628acd933a10e77b36f9 *Source\WinObjEx64\symparser.c
 80d167cb85b0e0b455dbb5774119e990b0c9085ac014e49207ae8e74ee19227e *Source\WinObjEx64\symparser.h
@@ -188,7 +188,7 @@ fbd174ff5481dc5688cfe024761d882ea159699b09f61fda4f26fc466832421a *Source\WinObjE
 720ede45bc6fbec045e22da51e14ec703d33cea2c6d3fa7fb8c46163c2faa031 *Source\WinObjEx64\drivers\winio.h
 228717e08983e8c020423035e7fccb79038b17b5143a161eef5bd87d06a1ead5 *Source\WinObjEx64\extras\extras.c
 a22fd439c6839ff2e323882131a1245d9a195f4b34d78721386607f597d36634 *Source\WinObjEx64\extras\extras.h
-7cefb0e353a2f8aed5da8849bb6c6dc8baa92c85d6043ef62b72f299f38cdc0e *Source\WinObjEx64\extras\extrasCallbacks.c
+84c5fc8bd44f3f2ebc7dd30dbe7539140dc9a3061c247093b95c094ddf20aad5 *Source\WinObjEx64\extras\extrasCallbacks.c
 b33ada355b61038982d48a33fcd96fc7caa482d2b8930cb72413f4136829c402 *Source\WinObjEx64\extras\extrasCallbacksPatterns.h
 c8b4e586ecc57676fec72f22e581e8e08a255c1842be2bdf741d8a224f1d880f *Source\WinObjEx64\extras\extrasCmOpt.c
 e280bbcbafa4a9c08faeda90d856aebeb5d5b935f6cc3d54be425f802fb78c37 *Source\WinObjEx64\extras\extrasDrivers.c